Message Image

Skip to main content (Press Enter).

Skip auxiliary navigation (Press Enter).

Skip main navigation (Press Enter).

Genesys Engage on-premises

View Only

Discussion Thread View

Back to discussions

Expand all | Collapse all

About CVE-2021-44228 | a zero-day in the Apache Log4j 2 Java library

Duong Phan12-16-2021 00:32

Dears ! We got the advisory from Genesy. In article, we see that: " The immediate threat can be mitigated ...

Gert Sogaard (DO NOT USE)12-16-2021 05:07

Hi Unfortunately, there is not just one procedure, but more or less a separate procedure per product ...

Michael Sann12-16-2021 08:56

Genesys has updated the advisory and recommends to remove the JNDI class. ------------------------------ ...

Angus Huckle12-17-2021 03:35

Another option for DMS and UCS is to replace the log4j jar files with their 2.16 equivalents. The ...

Tony Morrow12-17-2021 09:07

Michael, definitely a good immediate solution. Though, I'm concerned about long term tracking on ...

Angus Huckle12-17-2021 14:22

UCS was a straight swap of log4j files as the startup script handles that. DMS was a rename i.e. ...

Tony Morrow12-17-2021 14:35

Thanks. Also, looking at Genesys Release Notes, they are pushing out updates that now includes ...

Siptain Ali12-17-2021 04:00

Hi John, Based on the latest update from Apache the immediate thread can be mitigated by removing ...

Duong Phan12-17-2021 08:24

Hi Siptain, Thank you for sharing. ------------------------------ Duong Phan ------------------------------ ...

Senih Demren12-17-2021 13:06

Thanks for sharing details. Does anyone know what to do with GAX? its listed as vulnerable by Genesys, ...

Tony Morrow12-17-2021 13:26

Mine is located at: \genesys\gax_01\webapp